Secure your website

Cloudflare offers several tools to protect your website against malicious traffic and bad actors.

​​ Protection options

​​ Default protection

As long as your traffic is proxied by Cloudflare , Cloudflare automatically protects your application from DDoS attacks Open external link .

Cloudflare also issues and renews free, unshared, publicly trusted SSL/TLS certificates to all Cloudflare domains.

​​ One-click protection

For customers on a Pro plan or above, Cloudflare offers several Managed Rulesets as part of the Web Application Firewall (WAF).

All customers also have the options to adjust the following Security settings:

• Security level Open external link : Use the IP reputation of a visitor to determine whether to present a Managed Challenge Open external link page.
• Challenge Passage Open external link : Specify the length of time that a visitor can access your website after completing a security challenge.
• Browser Integrity Check Open external link : Evaluate incoming HTTP headers based on known threats — such as requests with a missing or non-standard user agent — and present a challenge page if needed.
• Privacy Pass Support Open external link : Reduce the number of challenges presented to visitors using the Privacy Pass browser extension.

​​ Protection with minimal setup

Based on additional knowledge about your website traffic and requirements, you can also:

• Enable bot protection .
• Set up various Security rules:
  • Firewall rules block, challenge, or allow requests based on several characteristics (user agents, cookies, referrer, and more).
  • Rate limiting rules Open external link (usage-based billing) block IP addresses based on a URL pattern and defined request threshold.
  • IP Access rules Open external link block, challenge, or allow requests based on IP address, IP range, country, or ASN.
  • User Agent Blocking rules Open external link block or challenge specific requests based on the associated user agent value.
  • Zone Lockdown rules Open external link (customers on a Pro plan or higher) specify a list of IP addresses, CIDR ranges, or networks that are allowed to access a particular domain, subdomain, or URL.
• Further customize Web Application Firewall (WAF) and DDoS Protection settings.
• Create forwarding URLs Open external link to prevent access to specify URLs, request schemes, file types, subdomains, or directories by redirecting users to a safe location.
• Restrict access to documents, files, and media by configuring Token Authentication Open external link .

​​ Dedicated products

Cloudflare also offers dedicated products to increase the security of your website and underlying infrastructure:

• API Shield : Protect your API from malicious traffic by enforcing schema validation, detecting abuse patterns, and more.
• Magic Firewall : Use Cloudflare’s firewall-as-a-service (FWaaS) to protect office networks and cloud infrastructure with advanced, scalable protection.
• Magic Transit : Delivers network functions at Cloudflare scale — DDoS protection, traffic acceleration, and much more from every Cloudflare data center — for on-premise, cloud-hosted, and hybrid networks.
• Magic WAN : Securely connect any traffic source - data centers, offices, devices, cloud properties - to Cloudflare’s network and configure routing policies to get the bits where they need to go, all within one SaaS solution.
• Page Shield : Monitor third-party scripts on your application and receive notifications when they have been compromised or are exhibiting malicious behavior.